
Beware! Another cryptojacking malware is spreading

Are you familiar with the malware called Loapi? We talked about this new kind of malware recently and it can literally burn your smartphone to the ground.

Loapi was nicknamed the “jack of all trades” of mobile malware. It can be adware. It can turn your phone into a botnet for DDoS attacks. It can do premium text scams but most importantly, it can cryptojack your gadget.

What is cryptojacking?

Cryptojacking is a new method for hackers to generate revenue for themselves at your expense.

Since cryptomining consumes tons of electrical energy, fraudsters love outsourcing this activity to others. Instead of putting up server farms dedicated to cryptomining, they would rather steal your computing resources to do the heavy lifting for them.

They can do this by installing cryptomining malware secretly on your phone or computer. Think of it as similar to a botnet, except it’s used for mining cryptos like Bitcoin or Monero instead of performing denial of service attacks.

New mobile cryptojacker spotted

Cryptojacking is a growing problem. It’s a new threat that can impact Windows machines, Internet-of-Things appliances, and Android gadgets. It’s getting more popular as we speak.

In fact, security researchers from Chinese security company Qihoo 360 Netlab have recently discovered a new form of mobile cryptojacking malware.

The malware, named ADB.Miner, is an Android worm that scans the internet for vulnerable gadgets, then infects them with hidden cryptomining software.

ADB.Miner is said to be using the same scanning code as Mirai. If you recall, Mirai was used to launch the massive botnet attacks of 2016 that crippled the Dyn DNS servers.

ADB.Miner searches for the IP addresses of vulnerable gadgets including Android-based smartphones, tablets, smart TVs and set-top boxes that have publicly accessible Android Debug Bridges (ADB).

Android ADB is a command line tool used for a variety of tasks including installing and debugging apps.

Using the same techniques as Mirai, ADB.Miner searches for gadgets with port 5555 open and an accessible ADB interface. If successful, the malware proceeds to infect the Android gadget with software that mines the cryptocurrency called Monero.

Why is cryptojacking dangerous for your gadget? Well, it can make your gadget work overtime, relentlessly straining its processor and causing it to overheat. It can also use up your data bandwidth without your knowledge.

And that’s not all. Aside from secretly installing cryptomining software, the malware also scans the internet for more victims it can infect. It’s exactly how a virus is supposed to operate.

Netlab researchers note that the infections were first spotted in January 2017 and the number of victims has increased steadily. As of February 4, they have already detected 7,400 IP addresses using the Monero cryptomining code.

Based on the IP addresses, it looks like the majority of victims are from China and South Korea. But due to the wormable features of ADB.Miner, it can spread globally quickly.

How to protect your Android gadget from ADB.Miner

To protect your Android-based smartphone, tablet, smart TV and set-top box from ADB.Miner, make sure your gadget’s ADB interface is disabled.

All Android gadgets have ADB port 5555 closed by default anyway. If you haven’t enabled it manually, then you should be fine.
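One way to confirm that on a gadget you own, as an added example (not from the original article or from Netlab): the Python below reads the output of `adb shell getprop`, collected over USB, and reports whether ADB is set to listen on the network. The properties `service.adb.tcp.port`, `persist.adb.tcp.port` and `ro.adb.secure` are standard Android system properties; the sample dumps, the lookup order and the three-level verdict are assumptions made for illustration.

```python
import re
import sys

# Constructed `getprop` dumps for illustration (not captured from real devices).
SAMPLE_EXPOSED = "[ro.adb.secure]: [0]\n[service.adb.tcp.port]: [5555]\n"
SAMPLE_AUTH_ONLY = ("[ro.adb.secure]: [1]\n[service.adb.tcp.port]: []\n"
                    "[persist.adb.tcp.port]: [5555]\n")
SAMPLE_USB_ONLY = "[ro.adb.secure]: [1]\n[service.adb.tcp.port]: [-1]\n"

PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[(.*)\]\s*$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything malformed."""
    props = {}
    for line in text.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props

def adb_tcp_port(props):
    """Return the TCP port ADB would listen on, or None if it is USB-only."""
    # Assumption: the first non-empty property wins; a value <= 0 means TCP is off.
    for key in ("service.adb.tcp.port", "persist.adb.tcp.port"):
        value = props.get(key, "")
        if value:
            try:
                port = int(value)
            except ValueError:
                return None
            return port if 0 < port < 65536 else None
    return None

def assess(text):
    """Classify a getprop dump as 'ok', 'warning' or 'critical'."""
    props = parse_getprop(text)
    port = adb_tcp_port(props)
    if port is None:
        return "ok", "ADB is not listening on the network"
    if props.get("ro.adb.secure") != "1":
        return "critical", f"ADB open on TCP {port} with no key authentication"
    return "warning", f"ADB listening on TCP {port}; turn it off when not debugging"

if __name__ == "__main__":
    level, message = assess(sys.stdin.read())
    print(f"{level}: {message}")
```

Saved under a name of your choice (for example `check_adb.py`), it can be fed directly with `adb shell getprop | python3 check_adb.py` while the gadget is attached by USB.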

It’s also a good idea to put your network behind a firewall. Most routers have basic firewalls that will let you disable ports.

As usual, beware of installing applications straight off the web and not from the official Google Play Store. Also, look out for surprise app permission requests that might pop up, and never grant them!

Make sure you enable Android’s real-time security program, Google Play Protect. It certainly will be a huge help in containing malicious apps before they can cause damage.

In other news, what in the world is WannaMine and how do you stop it?

It’s not just Android gadgets that are being targeted with cryptomining malware. Check out WannaMine, a new Windows malware attack that combines the spreadability of WannaCry and the worst bits of cryptojacking.
